Lucene search
K

165 matches found

NVD
NVD
added yesterday5 views

CVE-2026-61971

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-2398

MobilMen 20T (Adam Retail Automation Ltd) is affected by CVE-2026-2398 due to an Authorization bypass via a User-Controlled key, enabling Privilege Escalation. Affected versions are MobilMen 20T v3 through 10072026. CVSS 3.1 base score 8.8 (Network, Low attack complexity, Privileges Required: Low...

8.8CVSS6.1AI score0.0025EPSS
Exploits0References1
CVE
CVE
added last week14 views

CVE-2026-5730

CVE-2026-5730 affects Idvlabs Ontime through version 04052026. The issue is an authorization bypass (IDOR) caused by a user-controlled key, enabling exploitation of trusted identifiers with no user interaction. CVSS 3.1 base score 7.5 (HIGH) with network attack vector, low attack complexity, no p...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added last week6 views

EUVD-2026-42014

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:27 p.m.4 views

EUVD-2026-39394

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:27 p.m.20 views

CVE-2026-2815

The CVE affects Silicon Labs’ EFR32xG27 devices. Issue: Incorrect use of the PUF key for user key generation leads to predictable keys. This is tied to a CVSS 4.0 base score of 8.4 (HIGH) with adjacent access, low attack complexity, no authentication, and user interaction not required. The vulner...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/21 3:15 a.m.7 views

CVE-2026-12773 BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 3:15 a.m.10 views

EUVD-2026-38139

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
NVD
NVD
added 2026/06/21 2:16 a.m.17 views

CVE-2026-12771

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

7.5CVSS0.00288EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51197

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.59.9 Description An improper authentication flaw exists in the MCP Proxy component. Specifically, the UserAPIKeyAuth function within the file litellm/proxy/ experimental/mcp server/auth/user api key auth...

9.8CVSS7.2AI score0.00612EPSS
Exploits1References13
Snyk
Snyk
added 2026/06/19 9:43 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the removeAlarms process. An attacker can permanently delete alarm records belonging to other tenants by supplying arbitrary alarm IDs in a bulk delete request. This can result in...

9.6CVSS5.9AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48630

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS7.7AI score0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 6:20 a.m.34 views

CVE-2026-44083 QuMagie

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS0.0046EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 6:20 a.m.52 views

CVE-2026-44083

CVE-2026-44083 affects QuMagie. The vulnerability is an authorization bypass via a user-controlled key that could allow remote attackers to gain unintended privileges. Affected product: QuMagie (reported across multiple feeds). Root cause: authorization bypass enabling privilege escalation; explo...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/09 6:20 a.m.11 views

EUVD-2026-35354

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS5.5AI score0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 5:55 p.m.37 views

CVE-2026-4868 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS0.00341EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 11:16 a.m.17 views

CVE-2026-42736

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42736

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 11:16 p.m.19 views

CVE-2026-35430

Authorization bypass through user-controlled key in Azure Privileged Identity Management PIM allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.00426EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/21 2:0 p.m.15 views

Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability

Authorization bypass through user-controlled key in Azure Privileged Identity Management PIM allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.00426EPSS
Exploits0
Rows per page
Query Builder